1. Field of the Invention
The invention relates to a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device. More particularly, the invention relates to a system and method for establishing initial cryptographic keys for a plurality of cryptographic devices that are geographically widely scattered, such as bank Automated Teller Machines (ATMs).
2. Description of Related Art
A bank or other financial institution may provide Automated Teller Machines (ATMs), or equivalent field devices, for the convenience of its customers. The ATMs usually communicate electronically with a central computer physically located at a branch office of the bank so that the customer can manipulate his bank account at any time regardless of the operating hours of the branch without interacting with a human representative. Such bank transactions may include the transfer of money between accounts, the deposit and withdrawal of funds and the like. Network operating rules and voluntary ANSI Standards require the use of cryptography to protect sensitive information such as the Personal Identification Number (PIN) usually associated with such bank transactions from potential compromise by an opponent intent on committing fraud against the network and the cardholder.
As should be expected, it is necessary for the bank to verify that a field device, for example an ATM, is authorized to communicate with the central computer at the branch office. Such measures endeavor to prevent an unauthorized device from imitating the ATM and accessing a customer""s account without proper authorization. There are a number of ways in which to establish secure electronic communications between a network of ATMs and the central computer. One way is via a dedicated arrangement of data transmission lines. The transmission lines connect the ATMs directly to the central computer. Accordingly, only authorized ATMs can communicate with the central computer over the dedicated transmission lines. However, the cost of installing dedicated transmission lines and the associated communications hardware is generally prohibitive, especially in light of the need to secure rights of way to carry the transmission lines between each of the ATMs and the central computer. Furthermore, even dedicated transmission lines may still be vulnerable to access by individuals possessing the ability to physically tap into the transmission lines.
A more economical approach to establish secure electronic communications between a network of field devices and a host device is by means of cryptography. Good cryptographic practice requires that each pair of communicating devices on the network share a unique cryptographic key. The use of a unique cryptographic key for each pair of communicating devices limits the degree to which an unauthorized user can compromise the network to that one pair of devices. Where a plurality of devices are provided with a common cryptographic key, often referred to as a Global key, an unauthorized user can compromise any of the devices by compromising any one of the devices sharing the Global key. For example, an unauthorized user could gain access to a large number of ATMs with the knowledge of only a single cryptographic key. The banking industry actually facilitates this high degree of risk since the present practice is to load many field devices in a network with a Global key for operational convenience.
Two general types of cryptography are presently in use. One type is public key or asymmetric cryptography, for example RSA. The other type is symmetric cryptography, for example the Data Encryption Algorithm (DEA). The DEA is currently the most widely used algorithm in ATM banking devices. Symmetric cryptography requires the same cryptographic key to be established at both cryptographic devices, namely the field device and the host device. In addition, symmetric cryptography requires the cryptographic key to be managed under the principles of split knowledge and dual control usually implemented by utilizing two different individuals, referred to as key custodians, to establish the key. Each key custodian is entrusted with a portion, referred to as a component, of the cryptographic key that they must physically enter into the field device, for example an ATM. Thus, the key custodians must personally visit each ATM in the network in turn to establish the appropriate key in the ATM. The same, or other key custodians, must then personally visit the host device to establish the same cryptographic key in the host device. Since the ATMs and the host devices are oftentimes geographically widely scattered, it is frequently impractical for the key custodians to accomplish the necessary visits within an acceptable timeframe. As a result of this key management logistics problem, many banks use the same cryptographic key for a large number of ATMs on a single ATM network.
With the above concerns in mind, it is an objective of the present invention to provide a system and method for securely establishing a unique cryptographic key between a first cryptographic device and a second cryptographic device.
It is a further, and more particular, objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device without the need for the extensive protective measures typically required to manage the components of the cryptographic key.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device that are geographically widely scattered.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device without the custodial overhead normally associated with the distribution and secure management of the components of the key.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device wherein a plurality of unrelated random numbers are distributed to serve as key components.
It is still a further objective of the present invention to provide a system and method for ensuring a high probability that a cryptographic key established between a first cryptographic device and a second cryptographic device is unique.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device including a database of information relating to the establishment of the cryptographic key that permits the devices, the key custodians and the key components utilized to establish the cryptographic key to be traced and routinely audited.
These and other objectives and advantages will become more readily apparent to those of skill in the art with reference to the following detailed description and the accompanying drawing figures.
The aforementioned objectives and advantages are realized by a system and method for establishing secure cryptographic keys between cryptographic devices according to the present invention. The system includes a plurality of key components, each having a first unique identifier. Preferably, each of the key components is a random number generated by a strong random number generator and is indexed to a predetermined reference number.
The system further includes a first cryptographic device. The first cryptographic device includes an electronic database wherein each of the key components is encrypted and indexed by its corresponding first unique identifier. Preferably, the first cryptographic device further includes a Tamper Resistant Security Module (TRSM). The system further includes a second cryptographic device for entering at least two of the key components therein to establish the cryptographic key within the second cryptographic device. The second cryptographic device is assigned a second unique identifier for a purpose to be described hereinafter. Preferably, the second cryptographic device is a bank ATM and the at least two key components are entered into the ATM. Most preferably, the two key components entered into the ATM are different and are entered by different key custodians, for example an installation and service representative and a bank representative.
The system further includes means for communicating the first unique identifier of the key components entered into the second cryptographic device and the second unique identifier assigned to the second cryptographic device to the first cryptographic device. Preferably, the means for communicating is an interactive voice response unit in conjunction with an input device, such as a DTMF or xe2x80x9ctouch-tonexe2x80x9d telephone. The first cryptographic device further includes means for retrieving and combining the encrypted key components indexed by the first unique identifiers corresponding to the key components entered into the second cryptographic device from the electronic database to recreate the cryptographic key established in the second cryptographic device.
Preferably, the system further comprises a plurality of tamper evident envelopes. Each of the tamper evident envelopes is utilized to retain and transport one of the key components corresponding to the first unique identifier marked on the inside or the outside of the envelope. If the seal on the tamper evident envelope is broken, the key custodian merely discards the first and selects a second envelope containing another random number to be entered into the second cryptographic device. Accordingly, it is not necessary to obtain a new key component that is related to another key component in a predetermined manner.
The method of the invention includes the first step of providing a plurality of key components wherein each of the plurality of key components has a first unique identifier. Preferably, the step of providing a plurality of key components includes the further step of generating a plurality of random numbers using a strong random number generator with each of the random numbers corresponding to a predetermined reference number. The step of providing a plurality of key components may also include the further steps of sealing each of the key components in a tamper evident envelope and marking the envelope with the reference number corresponding to the random number inside the tamper evident envelope.
The method includes the second step of providing a first cryptographic device comprising an electronic database. Preferably, the step of providing a first cryptographic device includes the further step of providing a Tamper Resistant Security Module (TRSM). The method includes the third step of programming the electronic database of the first cryptographic device such that each of the plurality of key components is encrypted and indexed by its corresponding first unique identifier.
The method includes the fourth step of providing a second cryptographic device for entering at least two of the plurality of key components therein to establish a cryptographic key, the second cryptographic device being assigned a second unique identifier for a purpose to be described hereinafter. Preferably, the step of providing a second cryptographic device includes the further step of providing a bank Automated Teller Machine (ATM).
The method includes the fifth step of communicating the first unique identifier of the key components entered into the second cryptographic device and the second unique identifier assigned to the second cryptographic device to the first cryptographic device. Preferably, the step of communicating includes the further step of electronically communicating the first unique identifiers and the second unique identifier to the first cryptographic device via an interactive voice response unit.
The method includes the sixth step of retrieving the encrypted key components indexed by the first unique identifiers communicated to the first cryptographic device. Finally, the method includes the seventh step of combining the encrypted key components to recreate the cryptographic key established in the second cryptographic device. For a purpose to be described hereinafter, the method of the invention may also include the eighth step of transmitting the cryptographic key recreated in the first cryptographic device to a third cryptographic device. Preferably the cryptographic key is transmitted to the third cryptographic device by means of a Key Encryption Key previously established in a known manner.